Re: primary_conninfo missing from pg_stat_wal_receiver
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Michael Paquier <michael.paquier@gmail.com>,
Tatsuo Ishii <ishii@postgresql.org>, vik@2ndquadrant.fr,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>,
Masao Fujii <masao.fujii@gmail.com>
Date: 2016-06-21T03:06:15Z
Lists: pgsql-hackers
Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes: > On 6/20/16 10:29 PM, Tom Lane wrote: >> What I would want to know is whether this specific change is actually a >> good idea. In particular, I'm concerned about the possible security >> implications of exposing primary_conninfo --- might it not contain a >> password, for example? > That would have been my objection. This was also mentioned in the > context of moving recovery.conf settings to postgresql.conf, because > then the password would become visible in SHOW commands and the like. > Alternatively or additionally, implement a way to strip passwords out of > conninfo information. libpq already has information about which > connection items are sensitive. Yeah, I'd been wondering whether we could parse the conninfo string into individual fields and then drop the password field. It's hard to see a reason why this view needs to show passwords, since presumably everything in it corresponds to successful connections --- if your password is wrong, you aren't in it. regards, tom lane
Commits
-
Add conninfo to pg_stat_wal_receiver
- 9ed551e0a4fd 9.6.0 landed
-
Only show pg_stat_replication details to superusers
- f88a638199d8 9.1.0 cited